ISC Exam Questions

Which of the following best describes why e-mail spoofing is easily executed?

A. SMTP lacks an adequate authentication mechanism.

B. Administrators often forget to configure an SMTP server to prevent inbound SMTP connections for domains it doesn’t serve.

C. Keyword filtering is technically obsolete.

D. Blacklists are undependable.

Explanation:

A: E-mail spoofing is easy to execute because SMTP lacks an adequate authentication mechanism. An attacker can spoof e-mail sender addresses by using Telnet to connect to port 25 of a mail server and then issuing a number of SMTP commands. Spammers use e-mail spoofing to obfuscate their identity. Oftentimes, the purported sender of a spam e-mail is actually another victim of spam whose e-mail address has been sold to or harvested by a spammer.

B is incorrect because the answer alludes to open mail relay servers. The failure to configure an SMTP server to prevent SMTP connections for domains it doesn’t serve is not a common mistake. It is well known that an open mail relay allows spammers to hide their identity and is a principal tool in the distribution of spam. Open mail relays are, therefore, considered a sign of bad system administration. An open relay is not required for e-mail spoofing.

C is incorrect because keyword filtering is a countermeasure that can be used to help suppress spam. While keyword filtering by itself was popular at one time, it is no longer an effective countermeasure when used alone. Keyword filtering is prone to false positives, and spammers have found creative ways to work around it. For example, keywords may be intentionally misspelled, or one or two letters of a common word may be swapped with a special character.

D is incorrect because blacklists list open mail relay servers that are known for sending spam. Administrators can use blacklists to prevent the delivery of e-mail originating from those hosts in an effort to suppress spam. However, blacklists cannot be depended upon for complete protection because they are often managed by private organizations and individuals according to their own rules.